Yubico’s director of engineering on defending against phishing

Yubico’s mission is to make the internet safer for everyone, and at the heart of that is a belief that the best security requires usability. Anyone who accesses the internet is at risk from cybercrime, so YubiKeys are designed to provide phishing-resistant MFA protection for everyone. That’s why YubiKeys are so simple to set up and use, and don’t require additional software to defend against phishing attacks.

While the user experience is simple, the technology underpinning YubiKeys is much more complicated, and has developed considerably since the first prototype was created in 2008. This progress has been thanks to the work of a whole team, located mostly in the U.S. and Sweden. One important member of this team is Dain Nilsson, Yubicos’ director of engineering.

Dain won the inaugural YubiKing developer competition in 2009, while still a student at Stockholm’s prestigious KTH Royal Institute of Technology. He then spent time as a developer at companies including SmartBear Software, before joining Yubico in 2012 as Senior Software Developer. Having experienced–and played a leading role–in the development of the YubiKey over the years, he’s well-placed to explain how authentication technology has advanced. 

Dain recently spoke with IT-säkerhetspodden, a Swedish IT security podcast, hosted by Mattias Jadesköld and Erik Zalitis, in collaboration with Nordlo. Their conversation is a fantastic introduction to the technology behind the YubiKey and what makes it so unique.

You can listen to the full discussion in the podcast here. The episode is in English, aside from a short intro message.

At one point in the episode, there is a very technical discussion about ”Asynchronous Remote Key Generation.” We’ve previously explained this topic on our blog, and for those who are visually-minded, the below illustration can be helpful while listening to the podcast.

Additionally, we’ve put together a video of our highlights, including:

  • How to defend against phishing attacks using the YubiKey?
  • How do YubiKeys help remote workers stay secure?
  • How do I set up my YubiKey for the first time?

Watch the full video below:


Talk to our teamTalk to our team

Share this article:


  • Securing the skies with YubiKeys: Insights on cyber resilience in the aviation industry and beyondIn an increasingly interconnected world, the landscape of cybersecurity is constantly evolving. Bad actors are becoming more sophisticated, leveraging tactics like phishing and ransomware to exploit human error and weak credentials. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises – especially those in high-stakes sectors like commercial […]Read morecyber resilienceEUmanufacturingQ&A
  • Future-proofing authentication: A look at the future of post-quantum cryptographyThe path from passwords to passkeys and beyond In a previous blog I talked about the end of passwords and the rise of passkeys, which promise stronger security and less frustration for both individuals and businesses. The global momentum behind passkeys represents one of the most exciting shifts in authentication history, but realizing their full […]Read more
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet